openhands-automation
Warn
Audited by Socket on May 8, 2026
1 alert found:
Security (MEDIUM): SKILL.md
SUSPICIOUS: The skill is mostly aligned with its stated OpenHands automation purpose and uses official OpenHands endpoints, but it materially expands trust by allowing arbitrary plugin sources, cloning repos that auto-load skills, and triggering autonomous runs from untrusted external events. The main concern is transitive instruction/plugin loading and prompt-injection risk, not obvious credential theft or fake endpoint routing.
Confidence: 89%
Severity: 74%